← Back to home

Privacy Policy

Last updated: January 13, 2026

1. Introduction

ScopeNest is a secure AI chat platform for company documents with workspace-level access control. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using ScopeNest, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, company name, and password when you create an account
  • Documents: Files and documents you upload to workspaces
  • Conversations: Your interactions with the AI, including questions asked and responses received
  • Workspace Settings: Configuration data, access permissions, and workspace-specific prompts
  • Payment Information: Billing details processed through our third-party payment processor (we do not store credit card numbers)

2.2 Information Automatically Collected

  • Usage Data: AI query counts, document upload activity, login timestamps, and feature usage
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Analytics: Page views, session duration, and navigation patterns (anonymized)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our AI chat service
  • Process and index your documents for AI-powered search and retrieval
  • Enforce workspace-level access controls and permissions
  • Monitor usage for billing and quota management
  • Send service-related notifications and updates
  • Detect, prevent, and address technical issues or security threats
  • Comply with legal obligations and resolve disputes
  • Analyze usage patterns to improve our platform (using aggregated, anonymized data)

4. Data Security and Encryption

We implement industry-standard security measures to protect your data:

  • Encryption at Rest: All documents and conversations are encrypted using AES-256 encryption
  • Encryption in Transit: All data transmission uses TLS 1.3 or higher
  • Workspace Isolation: Each workspace is logically isolated with no cross-contamination of data
  • Access Controls: Role-based permissions ensure users only access authorized data
  • Regular Backups: Automated encrypted backups with secure storage
  • Security Monitoring: Continuous monitoring for unauthorized access attempts

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

5. AI Model Training and Third-Party Services

5.1 Your Data is Never Used for Training

We do not and will never use your documents or conversations to train AI models. Your company data remains private and isolated within your workspaces. We use retrieval-augmented generation (RAG), where the AI reads your documents at query time but never learns from them.

5.2 Third-Party AI Services

We use third-party AI providers (such as OpenAI and Anthropic) to power our AI responses. When you make a query:

  • Relevant excerpts from your documents are sent to the AI provider along with your question
  • These providers process data according to their enterprise API terms, which prohibit training on customer data
  • We have data processing agreements (DPAs) in place with all AI providers
  • No full documents are transmitted - only relevant snippets needed to answer your query

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or documents. We may share information only in the following circumstances:

  • Within Your Organization: Based on workspace permissions you configure
  • Service Providers: Third-party vendors who assist in operating our service (cloud hosting, payment processing, analytics) under strict confidentiality agreements
  • Legal Requirements: When required by law, court order, or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)
  • With Your Consent: For any other purpose with your explicit permission

7. Data Retention and Deletion

7.1 Retention Period

We retain your data for as long as your account is active or as needed to provide services. Specifically:

  • Documents: Retained until you delete them or close your account
  • Conversations: Retained for 90 days unless deleted earlier by you
  • Usage Analytics: Aggregated data retained indefinitely for service improvement
  • Backup Data: Retained for 30 days in encrypted backups

7.2 Account Deletion

When you delete your account or cancel your subscription:

  • You can export all your documents and conversation history before deletion
  • All your data is permanently deleted within 30 days
  • Backup copies are securely erased within 30 days
  • Some metadata may be retained for legal and accounting purposes (e.g., transaction records)

8. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Export your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Objection: Object to certain processing of your data

To exercise these rights, contact us at privacy@scopenest.app

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by regulatory authorities
  • Data processing agreements with all service providers
  • Compliance with applicable data protection laws (GDPR, CCPA, etc.)

10. Children's Privacy

ScopeNest is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences and settings
  • Analyze site traffic and usage patterns
  • Improve our service and user experience

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification (for significant changes)

Your continued use of the service after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: